diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index 99a1a489a..f749c8bdf 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -169,7 +169,7 @@ bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,void *tPtr,const Shar
 			const SharedPtr<Network> network(RR->node->network(networkId));
 			const int64_t now = RR->node->now();
 			if ((network)&&(network->config().com))
-				network->pushCredentialsNow(tPtr,peer->address(),now);
+				network->peerRequestedCredentials(tPtr,peer->address(),now);
 		}	break;
 
 		case Packet::ERROR_NETWORK_ACCESS_DENIED_: {
diff --git a/node/Membership.hpp b/node/Membership.hpp
index 49afeafee..aecbaa890 100644
--- a/node/Membership.hpp
+++ b/node/Membership.hpp
@@ -64,15 +64,7 @@ public:
 	 */
 	void pushCredentials(const RuntimeEnvironment *RR,void *tPtr,const int64_t now,const Address &peerAddress,const NetworkConfig &nconf);
 
-	/**
-	 * @param now Current time
-	 * @param lastReceivedCredentials Time we last received updated credentials from the controller
-	 * @return True if we haven't pushed credentials in a long time (to cause proactive credential push)
-	 */
-	inline bool shouldPushCredentials(const int64_t now, const int64_t lastReceivedCredentials) const
-	{
-		return ((now - _lastPushedCredentials) > ZT_PEER_ACTIVITY_TIMEOUT) || (lastReceivedCredentials > _lastPushedCredentials);
-	}
+	inline int64_t lastPushedCredentials() { return _lastPushedCredentials; }
 
 	/**
 	 * Check whether we should push MULTICAST_LIKEs to this peer, and update last sent time if true
diff --git a/node/Network.hpp b/node/Network.hpp
index d3cc90f30..6fa6f9795 100644
--- a/node/Network.hpp
+++ b/node/Network.hpp
@@ -372,7 +372,7 @@ public:
 	 * @param to Destination peer address
 	 * @param now Current time
 	 */
-	inline void pushCredentialsNow(void *tPtr,const Address &to,const int64_t now)
+	inline void peerRequestedCredentials(void *tPtr,const Address &to,const int64_t now)
 	{
 		Mutex::Lock _l(_lock);
 		_membership(to).pushCredentials(RR,tPtr,now,to,_config);
@@ -389,7 +389,8 @@ public:
 	{
 		Mutex::Lock _l(_lock);
 		Membership &m = _membership(to);
-		if (m.shouldPushCredentials(now, _lastConfigUpdate))
+		const int64_t lastPushed = m.lastPushedCredentials();
+		if ((lastPushed < _lastConfigUpdate)||((now - lastPushed) > ZT_PEER_ACTIVITY_TIMEOUT))
 			m.pushCredentials(RR,tPtr,now,to,_config);
 	}